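/**
 * Change another user's role on behalf of the session user.
 *
 * Role IDs are handled as strings throughout ("1" and "2" are the roles that
 * may administer users; "3" and "4" are ordinary roles).
 *
 * @param mixed  $currUser ID of the acting (session) user.
 * @param mixed  $userid   ID of the user whose role is to be changed.
 * @param string $newrole  Target role ID; must be one of "1".."4".
 *
 * @return string|true true on success, otherwise a human-readable error message.
 */
function executeChange($currUser, $userid, $newrole)
{
    if (!in_array($newrole, array("1", "2", "3", "4"), true)) {
        return "Invalid status!";
    }

    $userDAO = new UserDAO();
    $userCurr = $userDAO->getUserByID($currUser);
    if ($userCurr === null) {
        // The original dereferenced $userCurr unconditionally; without an acting
        // user no authorization decision can be made, so refuse.
        return "You have no right to change user status!";
    }
    $currRole = $userCurr->getRole()->getRoleID();
    if ($currRole !== "1" && $currRole !== "2") {
        return "You have no right to change user status!";
    }

    $userChan = $userDAO->getUserByID($userid);
    if ($userChan === null) {
        return "Could not find this user!";
    }
    $oldRole = $userChan->getRole()->getRoleID();
    if ($oldRole === $newrole) {
        return "Old status is equal to new status, don't need to change!";
    }

    if ($currRole === "2") {
        // A role-"2" user may neither grant an advanced role ...
        if ($newrole === "1" || $newrole === "2") {
            return "You have no right to set an advanced user.";
        }
        // ... nor take one away: the original only checked the target role, so a
        // role-"2" user could demote a role-"1" user to "3" or "4".
        if ($oldRole === "1" || $oldRole === "2") {
            return "You have no right to change an advanced user.";
        }
    }

    $roleDAO = new RoleDAO();
    $userChan->setRole($roleDAO->getRoleByID($newrole));
    $userDAO->updateUser($userChan);

    return true;
}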
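/**
 * Handle the session user's answer to a group invitation passed in the query string.
 *
 * Reads $_GET["groupid"], $_GET["accept"] and $_SESSION["userID"]. An accept
 * value of "1" marks the membership accepted, "3" removes the membership row.
 * Any other input, an unknown group, a missing session user, a non-member, or
 * an already accepted membership is ignored without output.
 *
 * NOTE(review): this mutates state on a GET request; it should be served from a
 * POST handler carrying a CSRF token.
 *
 * @return void
 */
function verify()
{
    if (!isset($_GET["groupid"]) || !isset($_GET["accept"])) {
        return;
    }
    $groupID = $_GET["groupid"];
    if (!isValidID($groupID)) {
        return;
    }
    // Only the two known answers are acted upon; compare strictly on strings
    // (the original used == which also matched e.g. "1.0").
    $accept = is_string($_GET["accept"]) ? $_GET["accept"] : "";
    if ($accept !== "1" && $accept !== "3") {
        return;
    }

    $groupDAO = new GroupDAO();
    $group = $groupDAO->getGroupByID($groupID);
    if ($group === null) {
        return;
    }

    $userDAO = new UserDAO();
    $user = isset($_SESSION["userID"]) ? $userDAO->getUserByID($_SESSION["userID"]) : null;
    if ($user === null) {
        // Stale session: the original passed null on to getGroupMember().
        return;
    }

    $gmDAO = new GroupMemberDAO();
    $gm = $gmDAO->getGroupMember($group, $user);
    if ($gm === null) {
        return;
    }
    // Accept status "1" means already accepted; nothing to change.
    if ((string) $gm->getAcceptStatus() === "1") {
        return;
    }

    if ($accept === "1") {
        $gm->setAcceptStatus("1");
        $gmDAO->updateGroupMember($gm);
    } else {
        $gmDAO->deleteGroupMember($gm);
    }
}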
/**
 * Render the settings page for the session user.
 *
 * The profile and group sections are always rendered. The department, user,
 * record and authority sections are rendered only for roles "1" and "2";
 * for any other role their placeholders are emptied. Output is printed.
 *
 * @return void
 */
function displaySettings()
{
    $tpl = new FastTemplate("templates/");
    $tpl->define(array(
        "web_main" => "web_main.html",
        "web_header" => "web_header.html",
        "head_script" => "settings/head_script.html",
        "profile" => "settings/profile.html",
        "department" => "settings/department.html",
        "department_option" => "settings/department_option.html",
        "authority" => "settings/authority.html",
        "body" => "settings/body.html",
        "web_nav" => "web_nav.html",
        "web_footer" => "web_footer.html",
    ));

    $userDAO = new UserDAO();
    $sessionUser = $userDAO->getUserByID($_SESSION["userID"]);

    displayProfile($sessionUser, $tpl);
    displayGroup($sessionUser, $tpl);

    $roleID = $sessionUser->getRole()->getRoleID();
    $isPrivileged = ($roleID == "1" || $roleID == "2");
    if ($isPrivileged) {
        displayUser($sessionUser, $tpl);
        // Helper name kept exactly as called originally; renaming it means
        // renaming its definition as well.
        desplayDepartment($sessionUser, $tpl);
        displayRecord($sessionUser, $tpl);
        $tpl->parse("SETTINGS_AUTHORITY", "authority");
    } else {
        $hidden = array("SETTINGS_DEPARTMENT", "SETTINGS_USER", "SETTINGS_RECORD", "SETTINGS_AUTHORITY");
        foreach ($hidden as $placeholder) {
            $tpl->assign($placeholder, "");
        }
    }

    $tpl->assign("TITLE", "My Profile");
    $tpl->parse("WEB_HEADER", "web_header");
    $tpl->parse("HEAD_SCRIPT", "head_script");
    $tpl->parse("WEB_NAV", "web_nav");
    $tpl->parse("SETTINGS_PROFILE", "profile");
    $tpl->parse("BODY", ".body");
    $tpl->parse("WEB_FOOTER", "web_footer");
    $tpl->parse("MAIN", "web_main");
    $tpl->FastPrint();
}
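/**
 * Update the session user's profile: names, gender, department and an
 * optional photo upload ($_FILES["uploadphoto"]).
 *
 * @param string $firstname
 * @param string $lastname
 * @param mixed  $sex          Gender value as submitted; passed to setGender().
 * @param mixed  $departmentID Department the user is assigned to.
 *
 * @return string|true true on success, otherwise an error message.
 */
function execChangeProfile($firstname, $lastname, $sex, $departmentID)
{
    if (!isValidName($firstname) || !isValidName($lastname)) {
        return "Please enter valid names!";
    }
    if (!isValidID($departmentID)) {
        return "Invalid department id!";
    }
    // NOTE(review): $sex is not validated here — confirm that setGender() or the
    // caller restricts it to the allowed values.

    $departDAO = new DepartmentDAO();
    $depart = $departDAO->getDepartmentByID($departmentID);
    if ($depart === null) {
        return "Could not find the depart!";
    }

    $userDAO = new UserDAO();
    $user = isset($_SESSION["userID"]) ? $userDAO->getUserByID($_SESSION["userID"]) : null;
    if ($user === null) {
        // The original dereferenced $user unconditionally, fataling on a stale session.
        return "Could not find this user!";
    }

    $user->setDepartment($depart);
    // Compare as strings: the database may hand values back as ints while the
    // form submits strings, and a loose != has surprising rules for "0"/"".
    if ((string) $user->getFirstName() !== (string) $firstname) {
        $user->setFirstName($firstname);
    }
    if ((string) $user->getLastName() !== (string) $lastname) {
        $user->setLastName($lastname);
    }
    if ((string) $user->getGender() !== (string) $sex) {
        $user->setGender($sex);
    }

    // Handle the photo before persisting so a rejected upload leaves the row untouched.
    if (isset($_FILES["uploadphoto"])) {
        $ans = uploadPhoto($user, $_FILES["uploadphoto"]);
        if ($ans !== true) {
            return $ans;
        }
    }

    $userDAO->updateUser($user);

    return true;
}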
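/**
 * Remove from a group every member whose ID is not in $checkedUser.
 *
 * The owner is always kept. This only removes members; it never adds any.
 *
 * @param mixed   $userID      Acting user; must own the group.
 * @param mixed   $groupID     Group to edit.
 * @param mixed[] $checkedUser IDs of the members that should remain.
 *
 * @return string|true true on success, otherwise an error message.
 */
function execEditGroup($userID, $groupID, $checkedUser)
{
    if (!is_array($checkedUser)) {
        return "Wrong type of group member!";
    }
    if (!isValidID($groupID)) {
        return "Invalid group ID!";
    }

    $groupDAO = new GroupDAO();
    $group = $groupDAO->getGroupByID($groupID);
    if ($group === null) {
        return "Group doesn't exist!";
    }
    if ($group->getOwner()->getUserID() !== $userID) {
        return "You are not the owner of this group!";
    }

    // Build the keep-set with IDs normalized to strings on both sides: form
    // values arrive as strings while the DAO may return ints, and a strict
    // in_array() on mixed types would treat every member as unchecked and
    // delete them all. (The original used a loose in_array(), whose "0" == "abc"
    // style matches are just as wrong in the other direction.)
    $keep = array();
    foreach ($checkedUser as $checkedID) {
        if (is_scalar($checkedID)) {
            $keep[(string) $checkedID] = true;
        }
    }
    $keep[(string) $userID] = true; // the owner is never removed

    $gmDAO = new GroupMemberDAO();
    $gms = $gmDAO->getGroupMembersByGroup($group);
    if ($gms === null) {
        return true;
    }
    foreach ($gms as $gm) {
        $memberID = (string) $gm->getUser()->getUserID();
        if (isset($keep[$memberID])) {
            continue;
        }
        $gmDAO->deleteGroupMember($gm);
    }

    return true;
}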
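/**
 * Change a record's display status, or delete the record.
 *
 * @param mixed  $userID          Acting user.
 * @param mixed  $recordID        Record to change.
 * @param string $newRecordStatus "1" or "2" set the display status; "3" deletes the record.
 *
 * @return string|true true on success, otherwise an error message.
 */
function executeChange($userID, $recordID, $newRecordStatus)
{
    if (!in_array($newRecordStatus, array("1", "2", "3"), true)) {
        return "Invalid status!";
    }

    $userDAO = new UserDAO();
    $user = $userDAO->getUserByID($userID);
    if ($user === null) {
        return "You have no right to change record status!";
    }

    $recordDAO = new RecordDAO();
    $record = $recordDAO->getRecordByID($recordID);
    if ($record === null) {
        return "Could not find this record!";
    }
    if ($record->getDisplayStatus() === $newRecordStatus) {
        return "Old status is equal to new status, don't need to change!";
    }

    // Roles "1" and "2" are treated as administrators elsewhere in this code
    // base; every other role may only change its own records and never delete.
    // The original restricted role "3" only, leaving role "4" unrestricted.
    $roleID = $user->getRole()->getRoleID();
    if ($roleID !== "1" && $roleID !== "2") {
        if ($record->getUser()->getUserID() !== $userID) {
            return "You have no right to change record status!";
        }
        // The original tested `$newStatus`, an undefined variable, so this
        // check never fired and non-admins could delete their records.
        if ($newRecordStatus === "3") {
            return "You have no right to delete this record!";
        }
    }

    if ($newRecordStatus === "3") {
        $recordDAO->deleteRecord($record);
    } else {
        $record->setDisplayStatus($newRecordStatus);
        $recordDAO->updateRecord($record);
    }

    return true;
}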
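/**
 * Store one uploaded image or archive as a new record of a group.
 *
 * The file is saved under "upload/" as "<recordID>_<client file name>" and the
 * record's content is set to that path.
 *
 * @param mixed $userID  Uploading user; role "4" may not upload.
 * @param mixed $groupID Target group; must be active and contain the user.
 * @param array $file    One entry of $_FILES (keys "name", "error", "tmp_name").
 *
 * @return string|true true on success, otherwise an error message.
 */
function uploadFile($userID, $groupID, $file)
{
    $userDAO = new UserDAO();
    $user = $userDAO->getUserByID($userID);
    if ($user === null || $user->getRole()->getRoleID() == "4") {
        return "This user was forbidden to upload file!";
    }
    if (!isValidID($groupID)) {
        return "Group id is not valid!";
    }

    $groupDAO = new GroupDAO();
    $group = $groupDAO->getGroupByID($groupID);
    if ($group === null) {
        return "Can not find this group!";
    }
    if ($group->getActivateStatus() === "2") {
        return "Group is not activated!";
    }

    $groupMemberDAO = new GroupMemberDAO();
    if ($groupMemberDAO->getGroupMember($group, $user) === null) {
        return "User didn't belong to this group!";
    }

    // A multi-file input yields arrays under each $_FILES key; only one file is accepted.
    if (!is_array($file)
        || !isset($file["error"], $file["name"], $file["tmp_name"])
        || is_array($file["error"])
        || is_array($file["name"])
    ) {
        return "Only accept one file!";
    }
    $res = isValidUploadFile($file["error"]);
    if ($res !== true) {
        return $res;
    }

    // The client-supplied name is untrusted. It is used only for its extension
    // and as the suffix of the stored name, so strip any directory part (either
    // separator) so that it cannot point outside $fileDir; the original used it verbatim.
    $clientName = basename(str_replace("\\", "/", (string) $file["name"]));
    if ($clientName === "" || $clientName === "." || $clientName === "..") {
        return "Only accepts jpeg/jpg/gif/png/zip file!";
    }

    // Message type "2" = image, "3" = file. Order matters: a name accepted by
    // both checks is classified as a file, as in the original.
    $fileType = null;
    if (isValidImage($clientName) === true) {
        $fileType = "2";
    }
    if (isValidFile($clientName) === true) {
        $fileType = "3";
    }
    if ($fileType === null) {
        return "Only accepts jpeg/jpg/gif/png/zip file!";
    }

    // Insert first so the generated record ID can make the stored name unique.
    $record = new Record($group, $user, $fileType, "temp", "1");
    $recordDAO = new RecordDAO();
    $recordDAO->insertRecord($record);

    $fileDir = "upload/";
    $filePath = $fileDir . $record->getRecordID() . "_" . $clientName;
    $record->setContent($filePath);
    $recordDAO->updateRecord($record);

    if (file_exists($filePath)) {
        unlink($filePath);
    }
    if (!move_uploaded_file($file["tmp_name"], $filePath)) {
        // NOTE(review): the record row already exists and points at a file that
        // was never written — confirm whether it should be removed here.
        return "Fail to move file, please contact administrator!";
    }

    return true;
}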
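/**
 * Create a group owned by the acting user and invite the listed members.
 *
 * The owner is inserted with accept status "1" (accepted); every other member
 * with "2" (pending invitation).
 *
 * @param mixed   $userID      Acting user; role "4" may not create groups.
 * @param mixed[] $groupMember IDs of the users to invite (owner excluded).
 * @param string  $groupName   Name validated by isValidGroupName().
 *
 * @return string|true true on success, otherwise an error message.
 */
function execCreateGroup($userID, $groupMember, $groupName)
{
    $userDAO = new UserDAO();
    $user = $userDAO->getUserByID($userID);
    if ($user === null || $user->getRole()->getRoleID() == "4") {
        return "This user was forbidden to do this!";
    }
    if (!is_array($groupMember)) {
        return "Wrong type of group member!";
    }
    if (count($groupMember) === 0) {
        return "You must choose at least one group member!";
    }

    // Normalize IDs to strings so that "5" and 5 count as the same member and
    // the duplicate / owner checks below can be strict.
    $memberIDs = array();
    foreach ($groupMember as $memberID) {
        if (!is_scalar($memberID) || !isValidID($memberID)) {
            return "Could not find some group members!";
        }
        $memberIDs[] = (string) $memberID;
    }
    if (count(array_unique($memberIDs)) < count($memberIDs)) {
        return "Group member has duplicate value!";
    }
    if (in_array((string) $userID, $memberIDs, true)) {
        return "Group owner should not be a group member!";
    }
    if ($groupName === "" || !isValidGroupName($groupName)) {
        return "Invalid group name, length should be between 2 to 20 and only accepts a-z, A-Z, single space!";
    }

    // Resolve every member before writing anything, so a bad ID aborts cleanly.
    $members = array();
    foreach ($memberIDs as $memberID) {
        $member = $userDAO->getUserByID($memberID);
        if ($member === null) {
            return "Could not find some group members!";
        }
        $members[] = $member;
    }

    $newGroup = new Group($user, $groupName, "1");
    $groupDAO = new GroupDAO();
    $groupDAO->insertGroup($newGroup);

    $gmDAO = new GroupMemberDAO();
    $gmDAO->insertGroupMember(new GroupMember($newGroup, $user, "1"));
    foreach ($members as $member) {
        $gmDAO->insertGroupMember(new GroupMember($newGroup, $member, "2"));
    }

    return true;
}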
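/**
 * Invite users into a group owned by the acting user.
 *
 * Unknown user IDs and users who already have a membership row (accepted or
 * pending) are skipped; new members are inserted with accept status "2".
 *
 * @param mixed   $userID     Acting user; must be the group owner.
 * @param mixed   $groupID    Group to add to.
 * @param mixed[] $adduserIDs IDs of the users to invite.
 *
 * @return string|true true on success, otherwise an error message.
 */
function execAddToGroup($userID, $groupID, $adduserIDs)
{
    if (!isValidID($groupID)) {
        return "Invalid group ID!";
    }
    if (!is_array($adduserIDs)) {
        return "Wrong type of user id!";
    }
    if (count($adduserIDs) === 0) {
        return "You have to choose users to add to this group!";
    }
    foreach ($adduserIDs as $adduserID) {
        if (!is_scalar($adduserID) || !isValidID($adduserID)) {
            return "Invalid user ID!";
        }
    }

    $groupDAO = new GroupDAO();
    $group = $groupDAO->getGroupByID($groupID);
    if ($group === null) {
        return "Group doesn't exist!";
    }
    if ($group->getOwner()->getUserID() !== $userID) {
        return "You are not the owner of this group!";
    }

    // The original also loaded the acting user here but never used the result.
    $userDAO = new UserDAO();
    $gmDAO = new GroupMemberDAO();
    foreach ($adduserIDs as $adduserID) {
        $addUser = $userDAO->getUserByID($adduserID);
        if ($addUser === null) {
            continue; // unknown user: skip rather than abort the batch
        }
        if ($gmDAO->getGroupMember($group, $addUser) !== null) {
            continue; // already a member or already invited
        }
        $gmDAO->insertGroupMember(new GroupMember($group, $addUser, "2"));
    }

    return true;
}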
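/**
 * Post a text or link record into a group.
 *
 * For message type "4" (link) the content must start with "http://"; the
 * prefix is stripped before storing and re-added when the link is rendered.
 *
 * @param mixed  $userID      Posting user; role "4" may not post.
 * @param mixed  $groupID     Target group; must be active and contain the user.
 * @param string $messageType Validated by isValidMessageType().
 * @param string $content     At most 1000 bytes (strlen, not characters).
 *
 * @return string|true true on success, otherwise an error message.
 */
function postRecord($userID, $groupID, $messageType, $content)
{
    $userDAO = new UserDAO();
    $user = $userDAO->getUserByID($userID);
    if ($user === null || $user->getRole()->getRoleID() == "4") {
        return "This user was forbidden to post!";
    }
    if (!isValidID($groupID)) {
        return "Group id is not valid!";
    }
    if (!isValidMessageType($messageType)) {
        return "Message type is not valid!";
    }
    // Byte length is intentional here: it bounds what is stored, not what is displayed.
    if (!is_string($content) || strlen($content) > 1000) {
        return "Wrong type content or exceed max length(1000)!";
    }

    if ($messageType == "4") {
        if (!preg_match('/^http:\/\//i', $content)) {
            return "Only accept http url!";
        }
        $content = substr($content, 7); // drop "http://"
        if ($content === "") {
            return "Invalid url!";
        }
    }

    $groupDAO = new GroupDAO();
    $group = $groupDAO->getGroupByID($groupID);
    if ($group === null) {
        return "Can not find this group!";
    }
    if ($group->getActivateStatus() === "2") {
        return "Group is not activated!";
    }

    $groupMemberDAO = new GroupMemberDAO();
    if ($groupMemberDAO->getGroupMember($group, $user) === null) {
        return "User didn't belong to this group!";
    }

    $recordDAO = new RecordDAO();
    $recordDAO->insertRecord(new Record($group, $user, $messageType, $content, "1"));

    return true;
}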
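/**
 * Change the session user's password after verifying the current one.
 *
 * @param string $password    Current password.
 * @param string $newpassword New password.
 * @param string $confirmpw   Repeat of the new password.
 *
 * @return string|true true on success, otherwise an error message.
 */
function execChangePW($password, $newpassword, $confirmpw)
{
    // Missing (null) and empty fields are treated alike. The original's loose
    // `== ""` also matched null but then passed null on to isValidPassword().
    foreach (array($password, $newpassword, $confirmpw) as $field) {
        if (!is_string($field) || $field === "") {
            return "Please fill all the necessary information!";
        }
    }
    if (!isValidPassword($password) || !isValidPassword($newpassword)) {
        return "Please enter a valid password!";
    }
    if ($newpassword !== $confirmpw) {
        return "The new password and the confirmed new password must be the same!";
    }

    $userDAO = new UserDAO();
    $user = isset($_SESSION["userID"]) ? $userDAO->getUserByID($_SESSION["userID"]) : null;
    if ($user === null) {
        return "Could not find this user!";
    }
    if (!verifyPassword($password, $user->getPassword())) {
        return "The old password you entered is not correct!";
    }

    $user->setPassword(encryptPassword($newpassword));
    $userDAO->updateUser($user);

    return true;
}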
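/**
 * Change a group's activation status, or delete the group.
 *
 * Deleting ("3") removes the group's records and memberships first, then the
 * group itself.
 *
 * @param mixed  $userID    Acting user.
 * @param mixed  $groupID   Group to change.
 * @param string $newStatus "1" or "2" set the activation status; "3" deletes the group.
 *
 * @return string|true true on success, otherwise an error message.
 */
function executeChange($userID, $groupID, $newStatus)
{
    if (!in_array($newStatus, array("1", "2", "3"), true)) {
        return "Invalid status!";
    }

    $userDAO = new UserDAO();
    $user = $userDAO->getUserByID($userID);
    if ($user === null) {
        return "You have no right to change group status!";
    }

    $groupDAO = new GroupDAO();
    $group = $groupDAO->getGroupByID($groupID);
    if ($group === null) {
        return "Could not find this group!";
    }
    if ($group->getActivateStatus() === $newStatus) {
        return "Old status is equal to new status, don't need to change!";
    }

    // Roles "1" and "2" are treated as administrators elsewhere in this code
    // base; every other role may only change groups it owns and never delete.
    // The original restricted role "3" only, leaving role "4" unrestricted.
    $roleID = $user->getRole()->getRoleID();
    if ($roleID !== "1" && $roleID !== "2") {
        if ($group->getOwner()->getUserID() !== $userID) {
            return "You have no right to change group status!";
        }
        if ($newStatus === "3") {
            return "You have no right to delete this group!";
        }
    }

    if ($newStatus !== "3") {
        $group->setActivateStatus($newStatus);
        $groupDAO->updateGroup($group);
        return true;
    }

    // Delete dependants before the group row itself.
    $recordDAO = new RecordDAO();
    $recordDAO->deleteRecordsByGroup($group);
    $gmDAO = new GroupMemberDAO();
    $gmDAO->deleteGroupMembersByGroup($group);
    $groupDAO->deleteGroup($group);

    return true;
}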
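/**
 * Rename a department. Only roles "1" and "2" may do this.
 *
 * @param mixed  $userID         Acting user.
 * @param mixed  $departmentID   Department to rename.
 * @param string $departmentName New name, validated by isValidDepartmentName().
 *
 * @return string|true true on success, otherwise an error message.
 */
function execEditDep($userID, $departmentID, $departmentName)
{
    if (!isValidID($departmentID)) {
        // The original said "Invalid parent ID!" here, which is the message for a
        // different parameter; this function validates the department's own ID.
        return "Invalid department ID!";
    }
    if (!isValidDepartmentName($departmentName)) {
        return "Invalid department name!";
    }

    // Authorize before touching the database.
    $userDAO = new UserDAO();
    $user = $userDAO->getUserByID($userID);
    if ($user === null) {
        return "You have no right to do this!";
    }
    $roleID = $user->getRole()->getRoleID();
    if ($roleID == "4" || $roleID == "3") {
        return "You have no right to do this!";
    }

    $departDAO = new DepartmentDAO();
    $depart = $departDAO->getDepartmentByID($departmentID);
    if ($depart === null) {
        return "Could not find this department!";
    }

    $depart->setDepartmentName($departmentName);
    $departDAO->updateDepartment($depart);

    return true;
}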
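/**
 * Set a record's display status on behalf of an administrator.
 *
 * @param mixed  $adminID       Acting user; must hold role "1" or "2".
 * @param mixed  $recordID      Record to update.
 * @param string $displayStatus New display status, "1" or "2".
 *
 * @return string|true true on success, otherwise an error message.
 */
function changeRecordStatus($adminID, $recordID, $displayStatus)
{
    // Display statuses are strings. "3" is used by the record executeChange()
    // handler in this code base to mean "delete" and is not a display status,
    // so it is not accepted here — TODO confirm.
    if ($displayStatus !== "1" && $displayStatus !== "2") {
        return "Invalid status!";
    }

    $userDAO = new UserDAO();
    $admin = $userDAO->getUserByID($adminID);
    if ($admin === null) {
        return "You do not have the right to change record status!";
    }
    // The original read the property `getRoleID` (no call parentheses), compared
    // it with the ints 1/2 and joined the two tests with ||, which rejected every
    // caller. Role IDs are strings.
    $roleID = $admin->getRole()->getRoleID();
    if ($roleID !== "1" && $roleID !== "2") {
        return "You do not have the right to change record status!";
    }

    $recordDAO = new RecordDAO();
    $record = $recordDAO->getRecordByID($recordID);
    if ($record === null) {
        return "Could not find this record!";
    }
    if ($record->getDisplayStatus() === $displayStatus) {
        return "Same Status, no need to change it!";
    }

    $record->setDisplayStatus($displayStatus);
    $recordDAO->updateRecord($record);

    return true;
}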
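/**
 * Render the home page for a user: the groups they own (as post-target
 * options), the groups they belong to with each group's visible records, the
 * department / user tree, and pending group invitations. Output is printed.
 *
 * Every database value is HTML-escaped before it reaches the template. The
 * original escaped only record text and file names, leaving user, group and
 * department names, photo and file paths and timestamps unescaped.
 *
 * @param mixed $userID ID of the session user.
 *
 * @return void
 */
function displayIndex($userID)
{
    // Escape for HTML body and double-/single-quoted attribute contexts.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");
    };

    $tpl = new FastTemplate("templates/");
    $tpl->define(array(
        "web_main" => "web_main.html",
        "web_header" => "web_header.html",
        "head_script" => "index/head_script.html",
        "user" => "index/user.html",
        "department" => "index/department.html",
        "list_item" => "index/list_item.html",
        "group" => "index/group.html",
        "comment" => "index/comment.html",
        "link" => "index/link.html",
        "image" => "index/image.html",
        "invitation" => "index/invitation.html",
        "group_option" => "index/group_option.html",
        "body" => "index/body.html",
        "web_nav" => "web_nav.html",
        "web_footer" => "web_footer.html",
    ));

    $userDAO = new UserDAO();
    $user = $userDAO->getUserByID($userID);
    // NOTE(review): $user is not null-checked (it was not originally either);
    // the DAO calls below are assumed to tolerate null — confirm.

    // Groups owned by the user feed the post-target option list.
    $groupDAO = new GroupDAO();
    $ownedGroups = $groupDAO->getGroupsByOwner($user);
    if ($ownedGroups === null) {
        $tpl->assign("INDEX_GROUP_OPTION", "");
    } else {
        foreach ($ownedGroups as $ownerGroup) {
            $tpl->assign("INDEX_GROUP_OPTIONID", $esc($ownerGroup->getGroupID()));
            $tpl->assign("INDEX_GROUP_OPTIONNAME", $esc($ownerGroup->getGroupName()));
            $tpl->parse("INDEX_GROUP_OPTION", ".group_option");
        }
    }

    // Memberships with accept status "2" are pending invitations: they are kept
    // out of the group tabs and listed separately at the bottom. The original
    // fetched the same memberships twice (once here, once for the invitations).
    $gmDAO = new GroupMemberDAO();
    $gms = $gmDAO->getGroupMembersByUser($user);
    $acceptedGMs = array();
    $pendingGMs = array();
    if ($gms !== null) {
        foreach ($gms as $gm) {
            if ($gm->getAcceptStatus() == "2") {
                $pendingGMs[] = $gm;
            } else {
                $acceptedGMs[] = $gm;
            }
        }
    }

    // Tab list: one entry per accepted group, the first marked active.
    if (count($acceptedGMs) === 0) {
        $tpl->assign("INDEX_LIST_ITEM_LI", "");
        $tpl->assign("INDEX_GROUP_HEADER", "");
    } else {
        foreach ($acceptedGMs as $index => $gm) {
            $group = $gm->getGroup();
            $tpl->assign("INDEX_LIST_ITEM_GROUPID", $esc($group->getGroupID()));
            if ($index === 0) {
                $tpl->assign("INDEX_GROUP_HEADER", $esc($group->getGroupName()));
                $tpl->assign("INDEX_LIST_ITEM_ACTIVE", "active");
            } else {
                $tpl->assign("INDEX_LIST_ITEM_ACTIVE", "");
            }
            $tpl->assign("INDEX_LIST_ITEM_SEQ", $index + 1);
            $tpl->assign("INDEX_LIST_ITEM_GROUPNAME", $esc($group->getGroupName()));
            $tpl->parse("INDEX_LIST_ITEM_LI", ".list_item");
        }
    }

    // Tab panes: the visible records of each accepted group.
    $recordDAO = new RecordDAO();
    if (count($acceptedGMs) === 0) {
        $tpl->assign("INDEX_GROUP_COMMENT", "");
        $tpl->parse("INDEX_GROUP", "group");
    } else {
        foreach ($acceptedGMs as $index => $gm) {
            $group = $gm->getGroup();
            $tpl->assign("INDEX_GROUP_HIDE", $index === 0 ? "" : "hide");
            $tpl->assign("INDEX_GROUP_SEQ", $index + 1);

            $records = $recordDAO->getRecordsByGroup($group);
            if ($records === null) {
                $tpl->assign("INDEX_GROUP_COMMENT", "");
            } else {
                $hasVisibleRecord = false;
                $tpl->clear("INDEX_GROUP_COMMENT");
                foreach ($records as $rec) {
                    // Display status "2" means hidden.
                    if ($rec->getDisplayStatus() === "2") {
                        continue;
                    }
                    $commentUser = $rec->getUser();
                    $tpl->assign("INDEX_GROUP_COMMENT_USERPHOTO", $esc($commentUser->getPhotoURL()));
                    $tpl->assign("INDEX_GROUP_COMMENT_USERNAME", $esc($commentUser->getFirstName() . " " . $commentUser->getLastName()));
                    $tpl->assign("INDEX_GROUP_COMMENT_TIME", $esc($rec->getTime()));

                    $type = $rec->getMessageType();
                    $con = $rec->getContent();
                    if ($type == "1") {
                        // Plain text.
                        $tpl->assign("INDEX_GROUP_COMMENT_CONTENT", $esc($con));
                    } elseif ($type == "2") {
                        // Uploaded image; $con is the stored path.
                        $tpl->assign("INDEX_CONTENT_IMGURL", $esc($con));
                        $tpl->parse("INDEX_GROUP_COMMENT_CONTENT", "image");
                    } elseif ($type == "3") {
                        // Uploaded file stored as "<dir>/<recordID>_<original name>":
                        // the link text is the part after the first underscore.
                        $baseName = pathinfo($con, PATHINFO_BASENAME);
                        $pos = strpos($baseName, "_");
                        $oriName = $pos === false ? $baseName : substr($baseName, $pos + 1);
                        $tpl->assign("INDEX_GROUP_CONTENT_LINKURL", $esc($con));
                        $tpl->assign("INDEX_GROUP_CONTENT_LINKNAME", $esc($oriName));
                        $tpl->parse("INDEX_GROUP_COMMENT_CONTENT", "link");
                    } elseif ($type == "4") {
                        // External link; $con is stored without its "http://" prefix.
                        // Re-adding the scheme here pins the href to http. The URL is
                        // attribute-escaped rather than rawurlencode()d: the latter also
                        // encoded "/" and "?", so any URL with a path did not resolve.
                        $tpl->assign("INDEX_GROUP_CONTENT_LINKURL", $esc("http://" . $con));
                        $tpl->assign("INDEX_GROUP_CONTENT_LINKNAME", $esc($con));
                        $tpl->parse("INDEX_GROUP_COMMENT_CONTENT", "link");
                    } else {
                        // Unknown type: do not carry over the previous record's content.
                        $tpl->assign("INDEX_GROUP_COMMENT_CONTENT", "");
                    }
                    $tpl->parse("INDEX_GROUP_COMMENT", ".comment");
                    $hasVisibleRecord = true;
                }
                if (!$hasVisibleRecord) {
                    $tpl->assign("INDEX_GROUP_COMMENT", "");
                }
            }
            $tpl->parse("INDEX_GROUP", ".group");
        }
    }

    // Department / user tree, rooted at department 1.
    $result = findDepartAndUser(1, $userID);
    if (count($result) === 0) {
        $tpl->assign("INDEX_DEPART_USER", "");
    } else {
        foreach ($result as $node) {
            if ($node["type"] == 1) {
                $tpl->assign("INDEX_DEPARTID", $esc($node["id"]));
                $tpl->assign("INDEX_DEPART_NAME", $esc($node["name"]));
                $tpl->parse("INDEX_DEPART_USER", ".department");
            } elseif ($node["type"] == 2) {
                $tpl->assign("INDEX_USERID", $esc($node["id"]));
                $tpl->assign("INDEX_USER_NAME", $esc($node["name"]));
                $tpl->parse("INDEX_DEPART_USER", ".user");
            }
        }
    }

    // Pending invitations.
    if (count($pendingGMs) === 0) {
        $tpl->assign("INDEX_INVITATION", "");
    } else {
        foreach ($pendingGMs as $gmPend) {
            $gmGroup = $gmPend->getGroup();
            $gmOwner = $gmGroup->getOwner();
            $tpl->assign("INDEX_INVITATION_OWNER", $esc($gmOwner->getFirstName() . " " . $gmOwner->getLastName()));
            $tpl->assign("INDEX_INVITATION_GROUPNAME", $esc($gmGroup->getGroupName()));
            $tpl->assign("INDEX_INVITATION_GROUPID", $esc($gmGroup->getGroupID()));
            $tpl->parse("INDEX_INVITATION", ".invitation");
        }
    }

    $tpl->assign("TITLE", "Home");
    $tpl->parse("WEB_HEADER", "web_header");
    $tpl->parse("HEAD_SCRIPT", "head_script");
    $tpl->parse("WEB_NAV", "web_nav");
    $tpl->parse("BODY", ".body");
    $tpl->parse("WEB_FOOTER", "web_footer");
    $tpl->parse("MAIN", "web_main");
    $tpl->FastPrint();
}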